February 2021 edition: Fraudsters are NOT on Lockdown!

Fraudsters are NOT on Lockdown!

With schools focusing on keeping their pupils and staff safe, and minimising the disruptive impacts caused by the pandemic, fraudsters are ready to take the opportunity to catch them off-guard. They are capitalising on the fact that schools, at the moment, are understandably focusing heavily on managing the pandemic. With the threat of fraud continuing to grow, it is vital that schools and trusts have a programme of fraud awareness so everyone knows what to look out for.

Schools should look to ensure that their staff, particularly those who administer the school’s finances, are familiar with the following key scams operated by fraudsters:

  • CEO Fraud 
    Within a school, this type of fraud would see fraudulent emails which are made to look like they have been sent by a senior member of staff, asking for a payment to be made.

  • Invoice Fraud 
    A fake request, often received by email or letter, to change the bank account details of a beneficiary.

  • Telephone Scams 
    Fraudsters telephone the school, purporting to be from a trusted organisation, such as a bank or internet service provider, in an attempt to trick staff into:
    - Divulging online banking passwords, or
    - Making a payment to a fraudulent account, or
    - Downloading software which allows the fraudster to take remote control of a computer and steal sensitive/confidential information.

It is critical that schools know how to detect and prevent these types of fraud, by following these key tips:

1.  Don’t rely on the email address appearing to be legitimate or the wording to be familiar when it comes to making new payments or changing a beneficiary’s bank account details. Email accounts can be hacked and crucial details such as account numbers and sort codes changed.

2.  Check all requests received from a supplier or another beneficiary asking to change the account number for any payments, using an alternative communication method, such as phoning a named contact, using a known number, to ensure the request is correct. Don’t rely on the telephone number contained within the email/original message.

3.  Don’t assume that because you’ve confirmed aspects of an email to be genuine previously, the recent bank account number, or contact phone number supplied in that same email trail is also genuine.

4.  Authenticate phone calls from banks and other organisations by calling them back on an independently sourced number, e.g. from the bank’s website.

5.  Never rely on the number appearing on your caller display as confirmation of the source of the call. These numbers are now being "spoofed” with easy to obtain software.

6.  Ensure all colleagues are aware that banks will never contact you to ask for online passwords, PINs or secure payment codes.

With the threat of fraud continuing to grow, it’s vital that schools and trusts have a programme of fraud awareness so everyone knows what to look out for.

Phil Herriott

7.  Remind staff to ‘Think before you click’. Only download files or click on hyperlinks you can trust.

8.  Install antivirus software on all devices. Ensure that updates for this, the operating system and all software applications are regularly applied.

9.  Keep your passwords safe - NEVER divulge online banking passwords or card and reader codes to anyone on the telephone, via email or text.
Finally, always remember that email is not a secure method of communication. When setting up new payments, or making changes to existing payment details, always ensure that you have a robust process to validate such requests or changes, preferably verbally with a known contact.

Information on these and other fraud scams can also be found by visiting www.lloydsbank.com/business/security

Report all fraud to your bank and to Action Fraud, even if you spot and prevent the fraud, as it may help stop the fraudsters from tricking other businesses. If those businesses are your customers or suppliers, then ensuring their business doesn’t lose money to a fraud will be beneficial to your business too.

Lloyds Bank is a CST Platinum Partner
LloydsBank.com